Search this Blog

Wednesday, March 10, 2010

What's the maximum number of LDAP Directories configurable in CCM 7?


What is the maximum number of LDAP directories configurable in CCM7? We have users spread across 25 OUs. Is there a server that could gather all of these accounts and serve them up to CCM under just one context?

You can configure up to 5 LDAP agreements. In your case, you'll need to set your search at the root and then use AD permissions to deny the LDAP user the ability to see objects it shouldn't see. Each agreement can point to a different search space or "OU" in LDAP.

The synchronization is performed by a process called Cisco DirSync, which is enabled through the Serviceability web page. When enabled, it allows one to five synchronization agreements to be configured in the system. An agreement specifies a search base that is a position in the LDAP tree where Unified CM will begin its search for user accounts to import. Unified CM can import only users that exist in the domain specified by the search base for a particular synchronization agreement.
So, you can only use type of import (i.e., AD, Sun, etc) - if you go AD, that's the only choice. You can then set up separate agreements which specify specific OU's in AD that you'd like to search for users.
Again, in the original case of having 25 OU's, then you could consider the following:
Reorganization of the AD tree. Break those 25 OU's into 5 logical groups or a single group (i.e., Users) where you'd set up an agreement for. If you don't maintain AD, this isn't likely to happen.
You can set your search base as the root of the AD tree. You would then need to use permissions within AD to limit the objects and containers that your LDAP Dir Sync user can actually access. Again, this could get a bit involved depending on what you're dealing with in AD and, if you don’t control AD, you'll have to do some convincing here to get this done. But this is an option and it works - have done it elsewhere.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

No comments :

Post a Comment

 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */